PCA-CONNECTOR-AD

CreateConnector

# Request-shape rule for CreateConnector. Every listed field must match the
# marker on the right; STRING/BOOLEAN/INTEGER/LONG read as type placeholders
# rather than literal values — confirm against the tool that consumes this
# listing. `Tags.STRING == STRING` expresses a string-keyed map of strings and
# `[_]` iterates a list, so each SecurityGroupIds element must be a string.
# Only the shape is checked here: no ARN format, ID format or value limits.
valid {
    input.Body.CertificateAuthorityArn == STRING
    input.Body.ClientToken == STRING
    input.Body.DirectoryId == STRING
    input.Body.Tags.STRING == STRING
    input.Body.VpcInformation.SecurityGroupIds[_] == STRING
    # Caller context, type-checked only (presumably the AWS account, access
    # key id and region the request is made with — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDirectoryRegistration

# Request-shape rule for CreateDirectoryRegistration: an idempotency token, the
# directory id and a string-keyed tag map, all type-checked only (the markers
# on the right look like type placeholders — confirm with the consuming tool).
valid {
    input.Body.ClientToken == STRING
    input.Body.DirectoryId == STRING
    input.Body.Tags.STRING == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateServicePrincipalName

# Request-shape rule for CreateServicePrincipalName. Unlike the other Create
# operations the two ARNs are taken from `input.ReqMap` (path parameters,
# presumably) rather than the body; only ClientToken is in the body.
valid {
    input.Body.ClientToken == STRING
    input.ReqMap.ConnectorArn == STRING
    input.ReqMap.DirectoryRegistrationArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTemplate

# Enumerations referenced by the rule below. The same eight definitions are
# repeated verbatim under UpdateTemplate (same names, same values); the two
# copies must be kept in sync by hand. Re-use of the same top-level names in
# several sections of this listing suggests each operation section is its own
# scope — confirm with the tool that consumes it.
enum_ApplicationPolicyType := [ "ALL_APPLICATION_POLICIES", "ANY_PURPOSE", "ATTESTATION_IDENTITY_KEY_CERTIFICATE", "CERTIFICATE_REQUEST_AGENT", "CLIENT_AUTHENTICATION", "CODE_SIGNING", "CTL_USAGE", "DIGITAL_RIGHTS", "DIRECTORY_SERVICE_EMAIL_REPLICATION", "DISALLOWED_LIST", "DNS_SERVER_TRUST", "DOCUMENT_ENCRYPTION", "DOCUMENT_SIGNING", "DYNAMIC_CODE_GENERATOR", "EARLY_LAUNCH_ANTIMALWARE_DRIVER", "EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION", "ENCLAVE", "ENCRYPTING_FILE_SYSTEM", "ENDORSEMENT_KEY_CERTIFICATE", "FILE_RECOVERY", "HAL_EXTENSION", "IP_SECURITY_END_SYSTEM", "IP_SECURITY_IKE_INTERMEDIATE", "IP_SECURITY_TUNNEL_TERMINATION", "IP_SECURITY_USER", "ISOLATED_USER_MODE", "KDC_AUTHENTICATION", "KERNEL_MODE_CODE_SIGNING", "KEY_PACK_LICENSES", "KEY_RECOVERY", "KEY_RECOVERY_AGENT", "LICENSE_SERVER_VERIFICATION", "LIFETIME_SIGNING", "MICROSOFT_PUBLISHER", "MICROSOFT_TIME_STAMPING", "MICROSOFT_TRUST_LIST_SIGNING", "OCSP_SIGNING", "OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION", "PLATFORM_CERTIFICATE", "PREVIEW_BUILD_SIGNING", "PRIVATE_KEY_ARCHIVAL", "PROTECTED_PROCESS_LIGHT_VERIFICATION", "PROTECTED_PROCESS_VERIFICATION", "QUALIFIED_SUBORDINATION", "REVOKED_LIST_SIGNER", "ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION", "ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION", "ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL", "ROOT_LIST_SIGNER", "SECURE_EMAIL", "SERVER_AUTHENTICATION", "SMART_CARD_LOGIN", "SPC_ENCRYPTED_DIGEST_RETRY_COUNT", "SPC_RELAXED_PE_MARKER_CHECK", "TIME_STAMPING", "WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION", "WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION", "WINDOWS_HARDWARE_DRIVER_VERIFICATION", "WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION", "WINDOWS_KITS_COMPONENT", "WINDOWS_RT_VERIFICATION", "WINDOWS_SOFTWARE_EXTENSION_VERIFICATION", "WINDOWS_STORE", "WINDOWS_SYSTEM_COMPONENT_VERIFICATION", "WINDOWS_TCB_COMPONENT", "WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT", "WINDOWS_UPDATE" ]
# Client-compatibility lists narrow with each template version: V2 starts at
# WINDOWS_SERVER_2003, V3 drops 2003, V4 also drops 2008 and 2008_R2.
enum_ClientCompatibilityV2 := [ "WINDOWS_SERVER_2003", "WINDOWS_SERVER_2008", "WINDOWS_SERVER_2008_R2", "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016" ]
enum_ClientCompatibilityV3 := [ "WINDOWS_SERVER_2008", "WINDOWS_SERVER_2008_R2", "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016" ]
enum_ClientCompatibilityV4 := [ "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016" ]
# Only SHA-2 family digests are accepted; no SHA-1 or MD5 value exists here.
enum_HashAlgorithm := [ "SHA256", "SHA384", "SHA512" ]
enum_KeySpec := [ "KEY_EXCHANGE", "SIGNATURE" ]
enum_KeyUsagePropertyType := [ "ALL" ]
enum_PrivateKeyAlgorithm := [ "RSA", "ECDH_P256", "ECDH_P384", "ECDH_P521" ]
enum_ValidityPeriodType := [ "HOURS", "DAYS", "WEEKS", "MONTHS", "YEARS" ]

# Request-shape rule for CreateTemplate. The body carries one of three template
# definitions (TemplateV2 / TemplateV3 / TemplateV4) whose fields are checked
# for type or enum membership only. STRING/BOOLEAN/INTEGER/LONG look like type
# placeholders rather than literal values — confirm with the consuming tool.
# `enum_X[_]` means "equals some element of enum_X".
#
# NOTE(review): because every flag is checked for type only, any combination of
# ExportableKey, NoSecurityExtension, StrongKeyProtectionRequired, the
# SubjectNameFlags / SanRequire* flags and any MinimalKeyLength value passes
# this rule. A policy meant to enforce a hardening baseline for issued
# certificates needs explicit value constraints layered on top of this shape
# check (constructed example: a lower bound on MinimalKeyLength, presumably in
# bits — confirm the unit). The same applies to the V3 and V4 sections below.
valid {
    input.Body.ClientToken == STRING
    input.Body.ConnectorArn == STRING
    # --- TemplateV2 ---------------------------------------------------------
    # Period is LONG, PeriodType is one of enum_ValidityPeriodType.
    input.Body.Definition.TemplateV2.CertificateValidity.RenewalPeriod.Period == LONG
    input.Body.Definition.TemplateV2.CertificateValidity.RenewalPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV2.CertificateValidity.ValidityPeriod.Period == LONG
    input.Body.Definition.TemplateV2.CertificateValidity.ValidityPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV2.EnrollmentFlags.EnableKeyReuseOnNtTokenKeysetStorageFull == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.IncludeSymmetricAlgorithms == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.NoSecurityExtension == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.RemoveInvalidCertificateFromPersonalStore == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.UserInteractionRequired == BOOLEAN
    # Each entry of the Policies list needs an OID string and an enum PolicyType.
    input.Body.Definition.TemplateV2.Extensions.ApplicationPolicies.Critical == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.ApplicationPolicies.Policies[_].PolicyObjectIdentifier == STRING
    input.Body.Definition.TemplateV2.Extensions.ApplicationPolicies.Policies[_].PolicyType == enum_ApplicationPolicyType[_]
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.Critical == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.DataEncipherment == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.DigitalSignature == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.KeyEncipherment == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.NonRepudiation == BOOLEAN
    input.Body.Definition.TemplateV2.GeneralFlags.AutoEnrollment == BOOLEAN
    input.Body.Definition.TemplateV2.GeneralFlags.MachineType == BOOLEAN
    # V2 has no HashAlgorithm / Algorithm / KeyUsageProperty fields (V3+ only).
    input.Body.Definition.TemplateV2.PrivateKeyAttributes.CryptoProviders[_] == STRING
    input.Body.Definition.TemplateV2.PrivateKeyAttributes.KeySpec == enum_KeySpec[_]
    input.Body.Definition.TemplateV2.PrivateKeyAttributes.MinimalKeyLength == INTEGER
    input.Body.Definition.TemplateV2.PrivateKeyFlags.ClientVersion == enum_ClientCompatibilityV2[_]
    input.Body.Definition.TemplateV2.PrivateKeyFlags.ExportableKey == BOOLEAN
    input.Body.Definition.TemplateV2.PrivateKeyFlags.StrongKeyProtectionRequired == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireCommonName == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireDirectoryPath == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireDnsAsCn == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireEmail == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireDirectoryGuid == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireDns == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireDomainDns == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireEmail == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireSpn == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireUpn == BOOLEAN
    input.Body.Definition.TemplateV2.SupersededTemplates[_] == STRING
    # --- TemplateV3 ---------------------------------------------------------
    # Same shape as V2 plus HashAlgorithm, PrivateKeyAttributes.Algorithm,
    # KeyUsageProperty and RequireAlternateSignatureAlgorithm; ClientVersion
    # is drawn from the narrower enum_ClientCompatibilityV3.
    input.Body.Definition.TemplateV3.CertificateValidity.RenewalPeriod.Period == LONG
    input.Body.Definition.TemplateV3.CertificateValidity.RenewalPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV3.CertificateValidity.ValidityPeriod.Period == LONG
    input.Body.Definition.TemplateV3.CertificateValidity.ValidityPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV3.EnrollmentFlags.EnableKeyReuseOnNtTokenKeysetStorageFull == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.IncludeSymmetricAlgorithms == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.NoSecurityExtension == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.RemoveInvalidCertificateFromPersonalStore == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.UserInteractionRequired == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.ApplicationPolicies.Critical == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.ApplicationPolicies.Policies[_].PolicyObjectIdentifier == STRING
    input.Body.Definition.TemplateV3.Extensions.ApplicationPolicies.Policies[_].PolicyType == enum_ApplicationPolicyType[_]
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.Critical == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.DataEncipherment == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.DigitalSignature == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.KeyEncipherment == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.NonRepudiation == BOOLEAN
    input.Body.Definition.TemplateV3.GeneralFlags.AutoEnrollment == BOOLEAN
    input.Body.Definition.TemplateV3.GeneralFlags.MachineType == BOOLEAN
    input.Body.Definition.TemplateV3.HashAlgorithm == enum_HashAlgorithm[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.Algorithm == enum_PrivateKeyAlgorithm[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.CryptoProviders[_] == STRING
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeySpec == enum_KeySpec[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Decrypt == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Sign == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyType == enum_KeyUsagePropertyType[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.MinimalKeyLength == INTEGER
    input.Body.Definition.TemplateV3.PrivateKeyFlags.ClientVersion == enum_ClientCompatibilityV3[_]
    input.Body.Definition.TemplateV3.PrivateKeyFlags.ExportableKey == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyFlags.RequireAlternateSignatureAlgorithm == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyFlags.StrongKeyProtectionRequired == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireCommonName == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireDirectoryPath == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireDnsAsCn == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireEmail == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireDirectoryGuid == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireDns == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireDomainDns == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireEmail == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireSpn == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireUpn == BOOLEAN
    input.Body.Definition.TemplateV3.SupersededTemplates[_] == STRING
    # --- TemplateV4 ---------------------------------------------------------
    # Same shape as V3 plus RequireSameKeyRenewal and UseLegacyProvider;
    # ClientVersion is drawn from enum_ClientCompatibilityV4.
    input.Body.Definition.TemplateV4.CertificateValidity.RenewalPeriod.Period == LONG
    input.Body.Definition.TemplateV4.CertificateValidity.RenewalPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV4.CertificateValidity.ValidityPeriod.Period == LONG
    input.Body.Definition.TemplateV4.CertificateValidity.ValidityPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV4.EnrollmentFlags.EnableKeyReuseOnNtTokenKeysetStorageFull == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.IncludeSymmetricAlgorithms == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.NoSecurityExtension == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.RemoveInvalidCertificateFromPersonalStore == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.UserInteractionRequired == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.ApplicationPolicies.Critical == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.ApplicationPolicies.Policies[_].PolicyObjectIdentifier == STRING
    input.Body.Definition.TemplateV4.Extensions.ApplicationPolicies.Policies[_].PolicyType == enum_ApplicationPolicyType[_]
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.Critical == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.DataEncipherment == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.DigitalSignature == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.KeyEncipherment == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.NonRepudiation == BOOLEAN
    input.Body.Definition.TemplateV4.GeneralFlags.AutoEnrollment == BOOLEAN
    input.Body.Definition.TemplateV4.GeneralFlags.MachineType == BOOLEAN
    input.Body.Definition.TemplateV4.HashAlgorithm == enum_HashAlgorithm[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.Algorithm == enum_PrivateKeyAlgorithm[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.CryptoProviders[_] == STRING
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeySpec == enum_KeySpec[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Decrypt == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Sign == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyType == enum_KeyUsagePropertyType[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.MinimalKeyLength == INTEGER
    input.Body.Definition.TemplateV4.PrivateKeyFlags.ClientVersion == enum_ClientCompatibilityV4[_]
    input.Body.Definition.TemplateV4.PrivateKeyFlags.ExportableKey == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.RequireAlternateSignatureAlgorithm == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.RequireSameKeyRenewal == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.StrongKeyProtectionRequired == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.UseLegacyProvider == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireCommonName == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireDirectoryPath == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireDnsAsCn == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireEmail == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireDirectoryGuid == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireDns == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireDomainDns == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireEmail == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireSpn == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireUpn == BOOLEAN
    input.Body.Definition.TemplateV4.SupersededTemplates[_] == STRING
    # --- remaining body fields and caller context ---------------------------
    input.Body.Name == STRING
    input.Body.Tags.STRING == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTemplateGroupAccessControlEntry

# Two-valued access right used for both Enroll and AutoEnroll below. The same
# definition is repeated under UpdateTemplateGroupAccessControlEntry.
enum_AccessRight := [ "ALLOW", "DENY" ]

# Request-shape rule for CreateTemplateGroupAccessControlEntry. This operation
# attaches enrollment rights for a group (GroupSecurityIdentifier) to the
# template named by the TemplateArn path parameter.
# NOTE(review): the group SID and display name are only checked to be strings;
# any SID value with AutoEnroll/Enroll == "ALLOW" satisfies this rule. A policy
# that wants to restrict which groups may be granted enrollment rights needs
# a value constraint on GroupSecurityIdentifier in addition to this shape check.
valid {
    input.Body.AccessRights.AutoEnroll == enum_AccessRight[_]
    input.Body.AccessRights.Enroll == enum_AccessRight[_]
    input.Body.ClientToken == STRING
    input.Body.GroupDisplayName == STRING
    input.Body.GroupSecurityIdentifier == STRING
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteConnector

# Request-shape rule for DeleteConnector: the target is identified solely by
# the ConnectorArn path parameter; there is no body and no confirmation field.
valid {
    input.ReqMap.ConnectorArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDirectoryRegistration

# Request-shape rule for DeleteDirectoryRegistration: only the
# DirectoryRegistrationArn path parameter plus caller context.
valid {
    input.ReqMap.DirectoryRegistrationArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteServicePrincipalName

# Request-shape rule for DeleteServicePrincipalName: the SPN is addressed by
# the (ConnectorArn, DirectoryRegistrationArn) pair of path parameters, the
# same pair CreateServicePrincipalName and GetServicePrincipalName use.
valid {
    input.ReqMap.ConnectorArn == STRING
    input.ReqMap.DirectoryRegistrationArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTemplate

# Request-shape rule for DeleteTemplate: only the TemplateArn path parameter
# plus caller context.
valid {
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTemplateGroupAccessControlEntry

# Request-shape rule for DeleteTemplateGroupAccessControlEntry: the entry is
# addressed by (GroupSecurityIdentifier, TemplateArn), both path parameters.
valid {
    input.ReqMap.GroupSecurityIdentifier == STRING
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetConnector

# Request-shape rule for GetConnector: ConnectorArn path parameter plus caller
# context. Identical shape to DeleteConnector.
valid {
    input.ReqMap.ConnectorArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDirectoryRegistration

# Request-shape rule for GetDirectoryRegistration: DirectoryRegistrationArn
# path parameter plus caller context. Identical shape to
# DeleteDirectoryRegistration.
valid {
    input.ReqMap.DirectoryRegistrationArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetServicePrincipalName

# Request-shape rule for GetServicePrincipalName: addressed by the
# (ConnectorArn, DirectoryRegistrationArn) path-parameter pair.
valid {
    input.ReqMap.ConnectorArn == STRING
    input.ReqMap.DirectoryRegistrationArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetTemplate

# Request-shape rule for GetTemplate: TemplateArn path parameter plus caller
# context. Identical shape to DeleteTemplate.
valid {
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetTemplateGroupAccessControlEntry

# Request-shape rule for GetTemplateGroupAccessControlEntry: addressed by the
# (GroupSecurityIdentifier, TemplateArn) path-parameter pair, as for Delete.
valid {
    input.ReqMap.GroupSecurityIdentifier == STRING
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListConnectors

# Request-shape rule for ListConnectors. Pagination controls come from the
# query string (`input.Qs`): MaxResults is INTEGER-typed only, so no upper
# bound is enforced here; NextToken is an opaque string.
valid {
    input.Qs.MaxResults == INTEGER
    input.Qs.NextToken == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDirectoryRegistrations

# Request-shape rule for ListDirectoryRegistrations: query-string pagination
# (MaxResults, NextToken) plus caller context. Same shape as ListConnectors.
valid {
    input.Qs.MaxResults == INTEGER
    input.Qs.NextToken == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListServicePrincipalNames

# Request-shape rule for ListServicePrincipalNames: scoped by the
# DirectoryRegistrationArn path parameter, paginated via the query string.
valid {
    input.ReqMap.DirectoryRegistrationArn == STRING
    input.Qs.MaxResults == INTEGER
    input.Qs.NextToken == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

# Request-shape rule for ListTagsForResource: generic ResourceArn path
# parameter (no pagination fields are listed) plus caller context.
valid {
    input.ReqMap.ResourceArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTemplateGroupAccessControlEntries

# Request-shape rule for ListTemplateGroupAccessControlEntries: scoped by the
# TemplateArn path parameter, paginated via the query string.
valid {
    input.ReqMap.TemplateArn == STRING
    input.Qs.MaxResults == INTEGER
    input.Qs.NextToken == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTemplates

# Request-shape rule for ListTemplates. Unlike the other scoped List
# operations, the scoping ConnectorArn is a query-string parameter here
# (`input.Qs`), not a path parameter.
valid {
    input.Qs.ConnectorArn == STRING
    input.Qs.MaxResults == INTEGER
    input.Qs.NextToken == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

# Request-shape rule for TagResource: a string-keyed map of string tags in the
# body, applied to the ResourceArn path parameter.
valid {
    input.Body.Tags.STRING == STRING
    input.ReqMap.ResourceArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

# Request-shape rule for UntagResource: the keys to remove come from the query
# string as a list. Note the lowercase `tagKeys`, unlike every other PascalCase
# field in this listing — presumably the literal wire name of the query
# parameter, so do not "normalise" it without checking.
valid {
    input.ReqMap.ResourceArn == STRING
    input.Qs.tagKeys[_] == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateTemplate

# Enumerations referenced by the rule below. These eight definitions are a
# verbatim copy of the ones under CreateTemplate; any change must be applied
# in both places.
enum_ApplicationPolicyType := [ "ALL_APPLICATION_POLICIES", "ANY_PURPOSE", "ATTESTATION_IDENTITY_KEY_CERTIFICATE", "CERTIFICATE_REQUEST_AGENT", "CLIENT_AUTHENTICATION", "CODE_SIGNING", "CTL_USAGE", "DIGITAL_RIGHTS", "DIRECTORY_SERVICE_EMAIL_REPLICATION", "DISALLOWED_LIST", "DNS_SERVER_TRUST", "DOCUMENT_ENCRYPTION", "DOCUMENT_SIGNING", "DYNAMIC_CODE_GENERATOR", "EARLY_LAUNCH_ANTIMALWARE_DRIVER", "EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION", "ENCLAVE", "ENCRYPTING_FILE_SYSTEM", "ENDORSEMENT_KEY_CERTIFICATE", "FILE_RECOVERY", "HAL_EXTENSION", "IP_SECURITY_END_SYSTEM", "IP_SECURITY_IKE_INTERMEDIATE", "IP_SECURITY_TUNNEL_TERMINATION", "IP_SECURITY_USER", "ISOLATED_USER_MODE", "KDC_AUTHENTICATION", "KERNEL_MODE_CODE_SIGNING", "KEY_PACK_LICENSES", "KEY_RECOVERY", "KEY_RECOVERY_AGENT", "LICENSE_SERVER_VERIFICATION", "LIFETIME_SIGNING", "MICROSOFT_PUBLISHER", "MICROSOFT_TIME_STAMPING", "MICROSOFT_TRUST_LIST_SIGNING", "OCSP_SIGNING", "OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION", "PLATFORM_CERTIFICATE", "PREVIEW_BUILD_SIGNING", "PRIVATE_KEY_ARCHIVAL", "PROTECTED_PROCESS_LIGHT_VERIFICATION", "PROTECTED_PROCESS_VERIFICATION", "QUALIFIED_SUBORDINATION", "REVOKED_LIST_SIGNER", "ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION", "ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION", "ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL", "ROOT_LIST_SIGNER", "SECURE_EMAIL", "SERVER_AUTHENTICATION", "SMART_CARD_LOGIN", "SPC_ENCRYPTED_DIGEST_RETRY_COUNT", "SPC_RELAXED_PE_MARKER_CHECK", "TIME_STAMPING", "WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION", "WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION", "WINDOWS_HARDWARE_DRIVER_VERIFICATION", "WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION", "WINDOWS_KITS_COMPONENT", "WINDOWS_RT_VERIFICATION", "WINDOWS_SOFTWARE_EXTENSION_VERIFICATION", "WINDOWS_STORE", "WINDOWS_SYSTEM_COMPONENT_VERIFICATION", "WINDOWS_TCB_COMPONENT", "WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT", "WINDOWS_UPDATE" ]
enum_ClientCompatibilityV2 := [ "WINDOWS_SERVER_2003", "WINDOWS_SERVER_2008", "WINDOWS_SERVER_2008_R2", "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016" ]
enum_ClientCompatibilityV3 := [ "WINDOWS_SERVER_2008", "WINDOWS_SERVER_2008_R2", "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016" ]
enum_ClientCompatibilityV4 := [ "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016" ]
# SHA-2 family only.
enum_HashAlgorithm := [ "SHA256", "SHA384", "SHA512" ]
enum_KeySpec := [ "KEY_EXCHANGE", "SIGNATURE" ]
enum_KeyUsagePropertyType := [ "ALL" ]
enum_PrivateKeyAlgorithm := [ "RSA", "ECDH_P256", "ECDH_P384", "ECDH_P521" ]
enum_ValidityPeriodType := [ "HOURS", "DAYS", "WEEKS", "MONTHS", "YEARS" ]

# Request-shape rule for UpdateTemplate. The Definition sub-tree is checked
# exactly as in CreateTemplate (TemplateV2 / V3 / V4, type or enum membership
# only). Differences from CreateTemplate: no ClientToken, ConnectorArn, Name or
# Tags in the body; the target comes from the TemplateArn path parameter; and
# the body adds the ReenrollAllCertificateHolders flag.
#
# NOTE(review): as with CreateTemplate, every flag is shape-checked only, so an
# update that e.g. sets ExportableKey or NoSecurityExtension, or lowers
# MinimalKeyLength, passes this rule. ReenrollAllCertificateHolders is also
# only checked to be a boolean. A hardening policy needs explicit value
# constraints on top of this rule.
valid {
    # --- TemplateV2 ---------------------------------------------------------
    input.Body.Definition.TemplateV2.CertificateValidity.RenewalPeriod.Period == LONG
    input.Body.Definition.TemplateV2.CertificateValidity.RenewalPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV2.CertificateValidity.ValidityPeriod.Period == LONG
    input.Body.Definition.TemplateV2.CertificateValidity.ValidityPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV2.EnrollmentFlags.EnableKeyReuseOnNtTokenKeysetStorageFull == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.IncludeSymmetricAlgorithms == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.NoSecurityExtension == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.RemoveInvalidCertificateFromPersonalStore == BOOLEAN
    input.Body.Definition.TemplateV2.EnrollmentFlags.UserInteractionRequired == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.ApplicationPolicies.Critical == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.ApplicationPolicies.Policies[_].PolicyObjectIdentifier == STRING
    input.Body.Definition.TemplateV2.Extensions.ApplicationPolicies.Policies[_].PolicyType == enum_ApplicationPolicyType[_]
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.Critical == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.DataEncipherment == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.DigitalSignature == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.KeyEncipherment == BOOLEAN
    input.Body.Definition.TemplateV2.Extensions.KeyUsage.UsageFlags.NonRepudiation == BOOLEAN
    input.Body.Definition.TemplateV2.GeneralFlags.AutoEnrollment == BOOLEAN
    input.Body.Definition.TemplateV2.GeneralFlags.MachineType == BOOLEAN
    # V2 has no HashAlgorithm / Algorithm / KeyUsageProperty fields (V3+ only).
    input.Body.Definition.TemplateV2.PrivateKeyAttributes.CryptoProviders[_] == STRING
    input.Body.Definition.TemplateV2.PrivateKeyAttributes.KeySpec == enum_KeySpec[_]
    input.Body.Definition.TemplateV2.PrivateKeyAttributes.MinimalKeyLength == INTEGER
    input.Body.Definition.TemplateV2.PrivateKeyFlags.ClientVersion == enum_ClientCompatibilityV2[_]
    input.Body.Definition.TemplateV2.PrivateKeyFlags.ExportableKey == BOOLEAN
    input.Body.Definition.TemplateV2.PrivateKeyFlags.StrongKeyProtectionRequired == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireCommonName == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireDirectoryPath == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireDnsAsCn == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.RequireEmail == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireDirectoryGuid == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireDns == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireDomainDns == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireEmail == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireSpn == BOOLEAN
    input.Body.Definition.TemplateV2.SubjectNameFlags.SanRequireUpn == BOOLEAN
    input.Body.Definition.TemplateV2.SupersededTemplates[_] == STRING
    # --- TemplateV3 ---------------------------------------------------------
    # Adds HashAlgorithm, PrivateKeyAttributes.Algorithm, KeyUsageProperty and
    # RequireAlternateSignatureAlgorithm; ClientVersion from the V3 enum.
    input.Body.Definition.TemplateV3.CertificateValidity.RenewalPeriod.Period == LONG
    input.Body.Definition.TemplateV3.CertificateValidity.RenewalPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV3.CertificateValidity.ValidityPeriod.Period == LONG
    input.Body.Definition.TemplateV3.CertificateValidity.ValidityPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV3.EnrollmentFlags.EnableKeyReuseOnNtTokenKeysetStorageFull == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.IncludeSymmetricAlgorithms == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.NoSecurityExtension == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.RemoveInvalidCertificateFromPersonalStore == BOOLEAN
    input.Body.Definition.TemplateV3.EnrollmentFlags.UserInteractionRequired == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.ApplicationPolicies.Critical == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.ApplicationPolicies.Policies[_].PolicyObjectIdentifier == STRING
    input.Body.Definition.TemplateV3.Extensions.ApplicationPolicies.Policies[_].PolicyType == enum_ApplicationPolicyType[_]
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.Critical == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.DataEncipherment == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.DigitalSignature == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.KeyEncipherment == BOOLEAN
    input.Body.Definition.TemplateV3.Extensions.KeyUsage.UsageFlags.NonRepudiation == BOOLEAN
    input.Body.Definition.TemplateV3.GeneralFlags.AutoEnrollment == BOOLEAN
    input.Body.Definition.TemplateV3.GeneralFlags.MachineType == BOOLEAN
    input.Body.Definition.TemplateV3.HashAlgorithm == enum_HashAlgorithm[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.Algorithm == enum_PrivateKeyAlgorithm[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.CryptoProviders[_] == STRING
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeySpec == enum_KeySpec[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Decrypt == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Sign == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.KeyUsageProperty.PropertyType == enum_KeyUsagePropertyType[_]
    input.Body.Definition.TemplateV3.PrivateKeyAttributes.MinimalKeyLength == INTEGER
    input.Body.Definition.TemplateV3.PrivateKeyFlags.ClientVersion == enum_ClientCompatibilityV3[_]
    input.Body.Definition.TemplateV3.PrivateKeyFlags.ExportableKey == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyFlags.RequireAlternateSignatureAlgorithm == BOOLEAN
    input.Body.Definition.TemplateV3.PrivateKeyFlags.StrongKeyProtectionRequired == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireCommonName == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireDirectoryPath == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireDnsAsCn == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.RequireEmail == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireDirectoryGuid == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireDns == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireDomainDns == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireEmail == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireSpn == BOOLEAN
    input.Body.Definition.TemplateV3.SubjectNameFlags.SanRequireUpn == BOOLEAN
    input.Body.Definition.TemplateV3.SupersededTemplates[_] == STRING
    # --- TemplateV4 ---------------------------------------------------------
    # Adds RequireSameKeyRenewal and UseLegacyProvider over V3; ClientVersion
    # from the V4 enum.
    input.Body.Definition.TemplateV4.CertificateValidity.RenewalPeriod.Period == LONG
    input.Body.Definition.TemplateV4.CertificateValidity.RenewalPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV4.CertificateValidity.ValidityPeriod.Period == LONG
    input.Body.Definition.TemplateV4.CertificateValidity.ValidityPeriod.PeriodType == enum_ValidityPeriodType[_]
    input.Body.Definition.TemplateV4.EnrollmentFlags.EnableKeyReuseOnNtTokenKeysetStorageFull == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.IncludeSymmetricAlgorithms == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.NoSecurityExtension == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.RemoveInvalidCertificateFromPersonalStore == BOOLEAN
    input.Body.Definition.TemplateV4.EnrollmentFlags.UserInteractionRequired == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.ApplicationPolicies.Critical == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.ApplicationPolicies.Policies[_].PolicyObjectIdentifier == STRING
    input.Body.Definition.TemplateV4.Extensions.ApplicationPolicies.Policies[_].PolicyType == enum_ApplicationPolicyType[_]
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.Critical == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.DataEncipherment == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.DigitalSignature == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.KeyEncipherment == BOOLEAN
    input.Body.Definition.TemplateV4.Extensions.KeyUsage.UsageFlags.NonRepudiation == BOOLEAN
    input.Body.Definition.TemplateV4.GeneralFlags.AutoEnrollment == BOOLEAN
    input.Body.Definition.TemplateV4.GeneralFlags.MachineType == BOOLEAN
    input.Body.Definition.TemplateV4.HashAlgorithm == enum_HashAlgorithm[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.Algorithm == enum_PrivateKeyAlgorithm[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.CryptoProviders[_] == STRING
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeySpec == enum_KeySpec[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Decrypt == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.KeyAgreement == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyFlags.Sign == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.KeyUsageProperty.PropertyType == enum_KeyUsagePropertyType[_]
    input.Body.Definition.TemplateV4.PrivateKeyAttributes.MinimalKeyLength == INTEGER
    input.Body.Definition.TemplateV4.PrivateKeyFlags.ClientVersion == enum_ClientCompatibilityV4[_]
    input.Body.Definition.TemplateV4.PrivateKeyFlags.ExportableKey == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.RequireAlternateSignatureAlgorithm == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.RequireSameKeyRenewal == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.StrongKeyProtectionRequired == BOOLEAN
    input.Body.Definition.TemplateV4.PrivateKeyFlags.UseLegacyProvider == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireCommonName == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireDirectoryPath == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireDnsAsCn == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.RequireEmail == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireDirectoryGuid == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireDns == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireDomainDns == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireEmail == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireSpn == BOOLEAN
    input.Body.Definition.TemplateV4.SubjectNameFlags.SanRequireUpn == BOOLEAN
    input.Body.Definition.TemplateV4.SupersededTemplates[_] == STRING
    # --- update-specific field, target and caller context -------------------
    input.Body.ReenrollAllCertificateHolders == BOOLEAN
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateTemplateGroupAccessControlEntry

# Same two-valued access right as under CreateTemplateGroupAccessControlEntry;
# keep the two copies in sync.
enum_AccessRight := [ "ALLOW", "DENY" ]

# Request-shape rule for UpdateTemplateGroupAccessControlEntry. Differences
# from the Create variant: no ClientToken, and GroupSecurityIdentifier moves
# from the body to the path (`input.ReqMap`), alongside TemplateArn. Only
# GroupDisplayName and the two access rights remain in the body.
# NOTE(review): shape check only — any SID with Enroll/AutoEnroll == "ALLOW"
# passes; restricting which groups may be granted rights needs an extra
# value constraint.
valid {
    input.Body.AccessRights.AutoEnroll == enum_AccessRight[_]
    input.Body.AccessRights.Enroll == enum_AccessRight[_]
    input.Body.GroupDisplayName == STRING
    input.ReqMap.GroupSecurityIdentifier == STRING
    input.ReqMap.TemplateArn == STRING
    # Caller context, type-checked only (presumably account / access key id /
    # region of the request — verify with the caller).
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}